
github_organization_ruleset gets in bad state and can't recover #3085

@pdewilde

Expected Behavior

  1. I modify a ruleset, terraform apply fails due to the required workflow being in a repo with action sharing disabled.
  2. I fix the action sharing setting.
  3. Another apply sets the correct ruleset.

Actual Behavior

  1. I modify a ruleset, terraform apply fails due to the required workflow being in a repo with action sharing disabled. 422 Validation Failed [{Resource: Field: Code: Message:Invalid rule 'workflows': Invalid parameter workflows: Workflow error at index 0: Workflow source repository 'my-org/required-scan' has actions sharing disabled}]
  2. I fix the action sharing setting.
  3. Apply/plan says there is nothing to change. TF state command shows my changes, but when I actually look in org settings, the ruleset has not been updated.

I think there are two things going on:

  1. A bug somewhere that causes the state to be updated despite the 422 validation failure. The state gets updated with the changes, but the etag is from the old version of the rule since the update failed.
  2. Since the etag matches the old version of the rule, the provider sends it to GitHub when refreshing state and is told nothing has changed. The Terraform provider has incorrect state, but since "nothing changed" it assumes that its internal state is accurate.

Terraform Version

Terraform Version:

v1.7.1

GitHub provider:

  • Bad state created in v6.7.9
  • Updated to v6.9.1 and it didn't help recover

Affected Resource(s)

  • resource_github_organization_ruleset

Terraform Configuration Files

Steps to Reproduce

  1. Have an existing github org ruleset with no required workflow action (in evaluate)
  2. Update tf config to add a required workflow from a repo that doesn't have action sharing enabled. Also switch to active.
  3. terraform apply: Fails with
     Error: PUT https://(gh instance)/api/v3/orgs/my-org/rulesets/108: 422 Validation Failed [{Resource: Field: Code: Message:Invalid rule 'workflows': Invalid parameter workflows: Workflow error at index 0: Workflow source repository 'my-org/required-scan' has actions sharing disabled}]
  4. Enable action sharing on the repo
  5. Re-apply workflow rule

Debug Output

Panic Output

Code of Conduct

  • I agree to follow this project's Code of Conduct
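
The two-part hypothesis in the report above, as a toy Go model added here for illustration. It is not the provider's code and not from the issue author; the types `server` and `state` and the functions `buggyApply`, `refresh` and `scenario` are hypothetical, and the integer ETag is a simplification.

```go
package main

import "fmt"

// Toy model of the hypothesis in the issue; every name here is hypothetical.
type server struct { // stands in for the rulesets API
	enforcement string
	etag        int
	sharingOK   bool
}
type state struct{ enforcement string; etag int } // stands in for Terraform state

// put rejects the update (the 422 in the issue) while action sharing is off.
func (s *server) put(enf string) (int, error) {
	if !s.sharingOK {
		return 0, fmt.Errorf("422 Validation Failed")
	}
	s.enforcement, s.etag = enf, s.etag+1
	return s.etag, nil
}

// buggyApply records the planned value before checking the API error.
func buggyApply(st *state, s *server, want string) error {
	st.enforcement = want
	etag, err := s.put(want)
	if err == nil {
		st.etag = etag
	}
	return err
}

// refresh is a conditional read: a matching ETag means "not modified", so the
// stored value is kept. force models a read that sends no matching ETag.
func refresh(st *state, s *server, force bool) {
	if force || st.etag != s.etag {
		st.enforcement, st.etag = s.enforcement, s.etag
	}
}

// scenario replays the issue; it returns whether plan sees a diff, and the live value.
func scenario(force bool) (bool, string) {
	s, st := &server{enforcement: "evaluate", etag: 1}, &state{enforcement: "evaluate", etag: 1}
	_ = buggyApply(st, s, "active") // fails with the 422
	s.sharingOK = true              // action sharing fixed afterwards
	refresh(st, s, force)
	return st.enforcement != "active", s.enforcement
}

func main() { fmt.Println(scenario(false)); fmt.Println(scenario(true)) }
```

With the conditional read the plan shows no diff while the live ruleset is still in `evaluate`; only the read that ignores the stored ETag surfaces the drift.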

Labels

  • Status: Triage (This is being looked at and prioritized)
  • Type: Bug (Something isn't working as documented)
